Capital Planning and Investment Control Processes and Budget Reporting Circular A11, Sections 31, 52

1
Capital Planning and Investment Control Processes
and Budget ReportingCircular A-11, Sections 31,
52, 53, 100 and 300

• Office of Management Budgets
• Office of Information and Regulatory Affairs
  (OIRA), Office of Federal Financial Management
  (OFFM), and Office of Federal Procurement Policy

2
Agenda

• Associate Director for IT and e-Gov, Mr. Mark
  Forman
• Information Policy and Technology Branch Staff
• Office of Federal Procurement Policy Staff
• Office of Federal Financial Management Staff

3
Legislative and Policy Framework

• Budget Enforcement Act of 1990
• Chief Financial Officers Act of 1990
• Government Performance Results Act of 1993
• Federal Acquisition Streamlining Act of 1994
  (Title V)
• Paperwork Reduction Act of 1995
• Federal Financial Management Improvement Act of
  1996
• Clinger-Cohen Act of 1996 (ITMRA FARA)
• Balanced Budget Act of 1997
• Government Paperwork Elimination Act of 1998

• Circular A-11, Preparation and Submission of
  Budget Estimates
• Circular A-123, Management Accountability and
  Control
• Circular A-127, Financial Management Systems
• Circular A-130, Management of Federal Information
  Resources
• OMB memorandum M-97-02 dated October 25, 1996,
  Funding Information Systems Investments
• OMB memorandum M-00-07 dated February 28, 2000,
  Incorporating and Funding Security in Information
  Systems Investments

4
And in plain English?

• WE --
• have a finite amount of money (BEA, BBA)
• must focus on agency mission, strategic goals,
  performance outcomes (GPRA and CCA)
• make strategic decisions about fiscal investments
  (PRA)
• to get the biggest bang for the buck (CCA)
• then deliver on our commitment (FASA V)

5
What is Capital Planning and Investment Control?

• A disciplined process that --
• Links planning to budgeting to procurement to
  operations, maintenance and management-in-use
  (full life-cycle)
• Is results-oriented and performance-based
• Is synonymous with capital programming

6
IT and OMB Circular A-11

• Section 31 Compliance with Administration
  Policies and Other General Requirements,
  addresses CPIC, IT Security and Privacy and GPEA.
  
• Section 100
• Section 52, 53, and 300

7
Security

• Security is an integral part of an agencys
  business operations
• Security must enable and not inhibit these
  operations.
• Plans to fund and manage security must be built
  into life-cycle budgets for information systems

8
Security

• Section 31.8, Performance indicators, goals, and
  management improvement
• Estimates should reflect OMB security policies,
  NIST guidance, including the Security Act.
• Demonstrate costs are incorporated throughout the
  life-cycle phases of the system.
• Demonstrate that risks are continually assessed.

9
Security -- Section 31.8

• Demonstrate that controls are commensurate with
  risk and magnitude of harm.
• Identify additional controls for systems that
  promote public access and interconnected systems.
• Demonstrate the use of controls and
  authentication tools to protect privacy for
  systems that promote/permit public access.
• Demonstrate that the handling of personal
  information is consistent with govt-wide and
  agency policies.

10
Security

• Exhibit 53s
• Must report security costs per system.
• 0 no security controls
• What are security costs?
• 1. Products, procedures, personnel, etc. that
  are primarily dedicated to or used for provision
  of security controls
• employee training, security inspections and
  audits, vulnerability and penetration testing.

11
Security -- Section 53

• 2. Products, procedures, personnel, etc. that
  have as an integral component a quantifiable
  benefit to security
• privacy training, system/program evaluations.

12
Security

• Capital Asset Plans - FY03 Changes
• Incorporated the Govt Info Security Reform Act
• Can you confirm that the security of this system
  meets the requirements of the Security Act?
• Were any weaknesses identified for this project?

13
Security -- Section 300

• Section E. Security and Privacy
• OMB M 00-07, Incorporating and Funding Security
  in Information Systems Investments
• Demonstrate costs are incorporated throughout the
  life-cycle phases of the system.
• Demonstrate that risks are continually assessed.
• Demonstrate that controls are commensurate with
  risk and magnitude of harm.

14
Security -- Section 300

• Identify additional controls for systems that
  promote public access and interconnected systems.
• Demonstrate the use of controls and
  authentication tools to protect privacy for
  systems that promote/permit public access.
• Demonstrate that the handling of personal
  information is consistent with govt-wide and
  agency policies.

15
Security

• Government Information Security Reform Act
• Agency executive summaries and supporting
  documentation are due to OMB on Sept. 10th.
• OMB will use the information provided by agencies
  to assist with budget decisions.
• Information reported in the executive summary
  should match information in budget submissions.

16
Security -- Govt Info Security Reform Act

• Identify agencys total security funding in the
  FY02 budget request.
• This should include a breakdown of security costs
  by each major operating division or bureau and
  include critical infrastructure protection costs
  that apply to the protection of government
  operations and assets.

17
E-Government and GPEA Budget
The Administrations FY 2002 budget calls on
agencies to create an electronic government that
is

• Citizen-Centered
• Results-Oriented
• Market-Based

OMB Logo
18
E-Government and GPEA Legislation

• Provide customer service in a fundamentally
  better way
• Re-engineer business process around technology
  and customers.

When we combine these laws we get
Arrow Left
GPRA
PRA
Clinger -Cohen
GPEA
CUSTOMER SERVICE

• LESS TIME TO ACCESS
• EASIER TO FILL
• FASTER TO SUBMIT
• QUICKER RESPONSE AND INERNAL PROCESSING

Chart With Levels of Service GPRAlt PRA,
Clinger-Cohen, GPEA
19
E-Government and GPEA The Act (GPEA) P.L. 105-277
(Title VII)

• Agencies to automate interactions with outside
  partners/customers by October 2003 to the extent
  practicable.
• Electronic signatures should not be denied legal
  effect because electronic.
• Encourages electronic filing, electronic record
  keeping, and electronic signatures.

20
E-Government and GPEA Section 31.8 Performance

• See OMB guidance M-00-10, OMB Procedures and
  Guidance on Implementing the Government Paperwork
  Elimination Act http//www.cio.gov/Documents/impl
  ementation_gpea.html
• Performance of E-gov is ONLY performance of the
  program
• reduce cost, decrease time, raise productivity

21
E-Government and GPEASection 300

• Describe linkages to agency GPEA plan
• Weigh the magnitude of the risk and select an
  appropriate combination of technology and
  practice to cost-effectively minimize risk and
  maximize benefits to agency and to customers.
• Prioritize projects by net benefit
• Re-design existing business process around these
  new technologies and needs of users.
• Include any OMB Control numbers from PRA

22
E-Government and GPEAExhibit 53

• Ensure that spending on IT prioritizes and
  manages e-Government projects effectively through
  your agency's capital planning process and
  enterprise architecture.
• Ensure that initiatives create a citizen centered
  electronic presence
• Advance an e-Government strategy that includes
  specific outcomes to be achieved.

23
Enterprise Architecture

• A strategic information asset base, which defines
  the mission, the business processes necessary to
  perform the mission, the data required to perform
  the processes, the applications required to
  manage the data, the technologies required to
  manage the applications, and transitional
  processes for modernizing.

24
Enterprise Architecture

• CCA requires agency to have an EA that includes
  current and to be
• Technical Reference Model
• Standards Profile
• Sequencing plan using CPIC
• A-130 and the EA
• How EA is used with the CPIC

25
Performance Management

• IT Investments identified, tied to strategic
  goals and missions, tied to the processes it
  enables, identifies the data collection and
  information collection requirements, and provides
  planned cost, schedule, and performance goals
  that are monitored and reported.

26
Privacy

• Section 31.8
• Section 53
• Section 300
• Privacy Impact Assessment
• Security and Privacy under part II.

27
Budget Implementation

• OMB Circular A-11, Preparation and Submission of
  Budget Estimates
• Part 1 -- Budget Requests
• Budget Exhibit 52, Report on Resources for
  Financial Management Activities
• Budget Exhibit 53, Agency IT Investment Portfolio
• Part 2 -- Strategic Plans Annual Performance
  Plans
• Part 3 -- Planning, Budgeting Acquisition of
  Capital Assets
• Budget Exhibit 300, Capital Asset Plan
  Justification
• Capital Programming Guide

28
Capital Planning in the Budget

• Agency Capital Plan (includes all Major Assets)
• Agency IT Investment Portfolio (Exhibit 53)
• Major IT Projects
• Financial Management System (Exhibit 300)
• Human Resources System (Exhibit 300)
• Mission Area Major Projects (Exhibit 300)
• Report on Resources for Financial Management
• Activities (Exhibit 52)

Arrow Join On Two Topics
29
Capital Asset Plan (300)

• Part I Summary of Spending For Project Stages
• Part II Justification and Other Information
• A. Justification
• B. Program Management
• C. Acquisition Strategy
• D. Alternatives Analysis and Risk Management
• E. Enterprise Architecture (IT Projects Only)
• F. IT Security (IT Projects Only)
• G. Government Paperwork Elimination Act (GPEA)
  (IT Projects Only)

30
Capital Asset Plan (300)

• Part III Cost, Schedule, and Performance Goals
• A. Description of performance-based management
  system
• B. Original baseline (OMB-approved at project
  outset)
• C. Current baseline (applicable only if OMB
  approved the changes)
• D. Actual Performance and Variance from
  OMB-approved baseline (Original or Current)
• E. Corrective Actions

31
What Do You Report?

• For New Projects
• Part I
• Part II-- Sections A - D (and, if IT, Sections E
  - G)
• Part III-- Sections A B
• For On-Going Projects (conversations with OMB
  from 02) Processes and Reviews)
• Part I
• Part II-- Section B (1) (and, if IT, Sections E -
  G)
• Part III-- Sections A, B, D (and Sections C
  E, if applicable)
• NOTE Section A should be updated if changed
  circumstances affect justification for project.

32
IT Exhibits

• Exhibits are Question and Answer Format
• All Electronic Submissions
• Automated for agencies using I-TIPS (52, 53, and
  300)
• Spreadsheets will be provided on cio.gov
• A-11 includes CCA requirements
• OMB Meeting with Agencies on CPIC
• Areas to Improve and specifics for FY2003 Budget
  Submission

33
Capital Asset Plans (IT Specific)

• Unique Project ID
• Financial Management Criteria
• GISRA Requirements
• 300-A and 300-B combined
• Triumverate (CIO, CFO, PE)
• Enterprise Architecture
• IT Security and Privacy
• GPEA

34
Agency IT Investment Portfolio (Exhibit 53)

• 53.1 Why must I Report?
• 53.2 What special Terms must I know?
• 53.3 How do I determine whether I must report?
• 53.4 How do I submit the Exhibit 53 and when is
  it due?
• 53.5 If I submitted the Exhibit last year, how do
  I revise it this year?
• 53.6 How is the Exhibit organized?
• 53.7 How is the Exhibit Coded?
• 53.8 What are the steps to complete the Exhibit?

35
Section 52 Information on Financial Management

• 52.1 What are the general reporting requirements?
• 52.2 What other reporting requirements does this
  fulfill?
• 52.3 Who must report financial management
  information and when is it due?
• 52.4 What materials are required in the budget
  justification and why?
• 52.5 What is the report on resources for
  financial management activities (exhibit 52) and
  why must I submit it?

36
Section 52 Continued...

• 52.6 What are the line descriptions and coding
  for exhibit 52?
• 52.7 How do I check my exhibit 52 data for
  consistency?
• 52.8 How do I submit exhibit 52 and when is it
  due?
• Additional Changes or concerns
• Minor changes in the format for Exhibit 52 since
  last year
• Exhibits 52 must be provided electronically to
  Exhibit52_at_omb.eop.gov.

37
OMB Circulars A-11 and A-130Pulling it all
together. . .

• IRM Strategic Plan (Paperwork Reduction Act)
• Enterprise Architecture (Clinger-Cohen Act)
• Documented CPIC Process (Clinger-Cohen Act)
• Agency Capital Plan (Circulars A-11 and A-130)
• CAPs, Agency IT Portfolio, Report of Financial
  Management Activities and attendant documents,
  Transforming the Agency discussion, and CPIC
  Control (all IT Investments).
• All Section 52, 53, and 300 documents updated to
  reflect Presidents Decisions and resubmitted.

38
Questions or Comments?

• OFPP - Yvette Garner ygarner_at_omb.eop.gov
• OIRA - William McVay wmcvay_at_omb.eop.gov
• OFFM - Jean Holcombe jholcomb_at_omb.eop.gov
• To send Exhibits to OMB
• Exhibit53_at_omb.eop.gov
• Exhibit52_at_omb.eop.gov
• Exhibit300_at_omb.eop.gov